[master] minimal-any
4371. [func] New "minimal-any" option reduces the size of UDP responses for qtype ANY by returning a single arbitrarily selected RRset instead of all RRsets. Thanks to Tony Finch. [RT #41615]
@@ -4438,6 +4438,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
|
||||
<optional> has-old-clients <replaceable>yes_or_no</replaceable>; </optional>
|
||||
<optional> host-statistics <replaceable>yes_or_no</replaceable>; </optional>
|
||||
<optional> host-statistics-max <replaceable>number</replaceable>; </optional>
|
||||
<optional> minimal-any <replaceable>yes_or_no</replaceable>; </optional>
|
||||
<optional> minimal-responses <replaceable>yes_or_no</replaceable>; </optional>
|
||||
<optional> multiple-cnames <replaceable>yes_or_no</replaceable>; </optional>
|
||||
<optional> notify <replaceable>yes_or_no</replaceable> | <replaceable>explicit</replaceable> | <replaceable>master-only</replaceable>; </optional>
|
||||
@@ -6196,6 +6197,30 @@ options {
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><command>minimal-any</command></term>
|
||||
<listitem>
|
||||
<para>
|
||||
If set to <userinput>yes</userinput>, then when
|
||||
generating a positive response to a query of type
|
||||
ANY over UDP, the server will reply with only one
|
||||
of the RRsets for the query name, and its covering
|
||||
RRSIGs if any, instead of replying with all known
|
||||
RRsets for the name. Similarly, a query for type
|
||||
RRSIG will be answered with the RRSIG records covering
|
||||
only one type. This can reduce the impact of some kinds
|
||||
of attack traffic, without harming legitimate
|
||||
clients. (Note, however, that the RRset returned is the
|
||||
first one found in the database; it is not necessarily
|
||||
the smallest available RRset.)
|
||||
Additionally, <option>minimal-responses</option> is
|
||||
turned on for these queries, so no unnecessary records
|
||||
will be added to the authority or additional sections.
|
||||
The default is <userinput>no</userinput>.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><command>multiple-cnames</command></term>
|
||||
<listitem>
|
||||
|
||||
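Review bot: The RRSIG sentence in the new minimal-any paragraph ("a query for type RRSIG will be answered with the RRSIG records covering only one type") does not say whether it is limited to UDP the way the ANY sentence is, and the paragraph never states what a TCP query receives. Suggest stating the transport explicitly for both query types and saying what happens over TCP. "Some kinds of attack traffic" would also help operators more if it named the kind of traffic meant, and "without harming legitimate clients" sits uneasily beside the note that the RRset returned is simply the first one found, since any client that relies on a full ANY answer over UDP will see different results once this is enabled.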
@@ -484,6 +484,16 @@
|
||||
when a system's clock needs to be reset backwards.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The new <command>minimal-any</option> reduces the size of
|
||||
answers to UDP queries for type ANY by implementing one of
|
||||
the strategies in "draft-ietf-dnsop-refuse-any": returning
|
||||
a single arbitrarily-selected RRset that matches the query
|
||||
name rather than returning all of the matching RRsets.
|
||||
Thanks to Tony Finch for the contribution. [RT #41615]
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
|
||||
|
||||
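Review bot: In the release-note paragraph, "<command>minimal-any</option>" opens with <command> and closes with </option>, so the XML is not well-formed and a parser will reject it. Use "<option>minimal-any</option>", matching the <option>minimal-responses</option> markup in the reference text, or close it with </command>. The sentence also reads "The new minimal-any reduces the size of"; add the word "option" after the element so it parses as English.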